CODEWITHSUNDEEP
phplaravellaravel-passportlaravel-11
hretic
hretic

Reputation: 1085

passport authorization of 3rd party app - accessing /oauth/authorize with token based user from front app

i have a website with separate fornt(vue) and backend (laravel) applications

im using passport for authentication , generating personal access token for users and storing it in front application , and sending request with Bearer authToken to backend from front app for protected routes

i have a personal client to generate these tokens

now im trying to grant another website users to access their information in my website , so i have created a new passport client for 3rd party apps

and ask for authorization from 3rd app using that client

     $query = http_build_query([
        'client_id' => config('mywebsite.auth_client_id'),
        'redirect_uri' => route('thisapp.callback'),
        'response_type' => 'code',
        'scope' => '',
        'state' => Str::uuid()->toString() ,
    ]);
    
    return ['url' => config('mywebsite.mywebsite_url') .'/oauth/authorize?'.$query];

which generates a authorizations url

http://api.mywebsite.com/oauth/authorize?....

the problem is this will generate a backend route , which is protected by auth:web

users need to login in my backend directly which means i need a frontent app for login in my backend app

i tried to call this route via my front app with user token , but apparently this route is protected with web/session guard and dont recognize my front token

i've tried to change the guard in config/passport to api so the route works with token/api guard but im getting this error

"message": "Laravel\Passport\Http\Controllers\AuthorizationController::__construct(): Argument #2 ($guard) must be of type Illuminate\Contracts\Auth\StatefulGuard, Laravel\Passport\Guards\TokenGuard given",

i tried to overwrite the route with auth:api middleware

Route::get('/oauth/authorize', [\Laravel\Passport\Http\Controllers\AuthorizationController::class, 'authorize'])->middleware('auth:api');

but still asking for log in when i call the route with my auth token

is there any way to call these routes with api/token logged user from front end instead of web/session in the backend ?

Upvotes: 1

Views: 323

Answers (1)

Praveen
Praveen

Reputation: 302

I think you are searching for Passport JSON APIs

Passport contains the webpages for login, you can use that to redirect to the common page to login for multiple third party applications

Also Passport contains predefined JSON APIs to issue and verify tokens of the system, for this you can use your own UI, but the common system for Authentication & Authorisation

Upvotes: 0

Related Questions